Thanks Sleeper for sending this in :D
An independent network security researcher has uncovered a new way to steal the secret browser "cookies" of Web surfers with the help of Internet servers that were never intended to communicate with browser software.
The exploit, described by a researcher who uses the handle "Obscure" and posted on the Eye On Security Web (EOS) site, relies on common Internet server software other than Web servers that can "echo" hijacked submissions from HTML forms.
In a demonstration of the exploit, which Obscure calls the Extended HTML Form Attack, a POP3 (post office protocol) e-mail server at Ebay was used to divulge the browser cookies of users who had visited the auction giant's Web site.
As delivered by some Web sites, browser cookies may contain such private information as user IDs and passwords.
An EOS paper on the vulnerability says the Extended HTML Form Attack appears to work on recent releases of browsers from Microsoft and Opera.
The exploit gets its name from the HTML Form Protocol Attack described last summer by computer programmer Jochen Topf, who discovered that malicious hackers could wield seemingly ordinary- looking Web pages to send commands to servers behind such barriers as corporate firewalls.
Topf found that some popular Web browsers didn't complain when data submitted through otherwise ordinary Web forms was directed at TCP (transport control protocol) ports associated with such services as e-mail - simple mail transfer protocol (SMTP) and POP3 - Internet relay chat (IRC), the file transfer protocol (FTP) and newsgroups (NNTP).
News source: TechNews - New Twist On Web-Forms Hack Scarfs Browser Cookies
-1 Comments - Add comment